Windows Server

GPUpdate Switches: GPUpdate vs GPUpdate force

When a Group Policy is created using either the Group Policy Management Editor or via The Local group Policy editor, these policies aren’t immediately applied to the user and computer objects Active Directory or your local computer.

By default, these updates are applied every 90 minutes. To us, this is like forever, and we want these policies to be applied immediately. In this case, the GPUpdate command can be used to achieve this.

In this article, I will be focusing and clearing the misconception between gpupdate vs gpupdate /force. Here is a brief explanation of the difference between the two

  1. Gpupdate: Here the gpupdate reads the Group Policy store and versions of the GPOs and applies GPOs only if something has changed.
    – In other words, it applies any policies that is new or changed user and computer policy settings are applied.
  2. Gpupdate /force: Here all group policies are downloaded and applied.
    – In other words, it reapplies every policy, both new and old.
    Note: with the  /Force switch, this is only vital  if there
    are local admins, then you might have to call this up to make sure that everything is as predetermined

Simply running gpupdate is sufficient most of the time. Running gpupdate /force against several targets (devices) can have tremendous effects; these devices will end up re-evaluating the GPO applied to them. In this way, if there are settings configured wrongly by some other administrators, these settings will be applied. Here is the syntax of how the tool is used.

Gpupdate [/Target:{Computer | User}] [/Force] [/Wait:<value>] [/Logoff] [/Boot] [/Sync]

Via Command Prompt: For other switches as displayed on the image above, here are some descriptions

gpupdate /force
  • /LogOff: Here, certain GPOS, such as Folder Redirection, can’t apply in the background. If a logoff is required, this switch will initiate it.
  • /Boot: If a policy, such as software installation, needs to be applied – the boot command will reboot the machine.
  • /Sync: Useful for changing the foreground (startup/logon) processing to sync.

Via PowerShell: You can also use PowerShell cmdlets to target remote devices in order to apply GPUpdate.

Example 1:

Invoke-GPUpdate -Computer COMPUTERNAME –Force

Example 2.

$Computers  = Get-AdComputer -SearchBase "OU=testuser, DC=TechDirectArchive,DC=local" -Filter *
Foreach ($Computer in $Computers) {invoke-gpupdate -Computer $Computers.Name} 

Via Group Policy Management Console: Lastly, Microsoft also has a feature built into Group Policy Management Console that enables you to run GPUpdate against an OU.

  • On the desired “OU”
  • Right click and select Group Policy Update and that is all.

If you have found other useful methods, kindly comment below and let me know via the comment session.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x